The New York State legislature is presently considering outlawing noncompete agreements in certain circumstances. Although New York courts strongly disfavor such covenants against competition, employers may soon be prevented from enforcing such agreements against low-wage workers or employees who were terminated without cause. Presently, an employer may prevent a former employee from competing with that employer, as long as the employer demonstrates a “reasonable” basis for such a restraint. If legislation currently making its way through Albany becomes law, New York employers may be prevented from enforcing such provisions against many employees. Importantly, New York employers may soon be enjoined from enforcing so-called “no poach provisions,” or clauses designed to prevent a competitor from soliciting or hiring another competitor’s talent. New York employers and employees alike should consult with competent counsel experienced with employment restrictive covenants prior to entering into such an agreement to ensure continued compliance with this evolving area of law.
I love running. Actually, I love all kinds of competition. My friends know that I love to celebrate the success of others. Business success. Athletic success. Success in personal relationships. All of it. It's what Buddhists call "mudita," or "sympathetic joy."
I particularly enjoy inspiring stories of people helping other people overcome adversity. That's why I am deviating from the usual legal blog post to share this special story involving a young family, its business, and the importance of focusing on goals.
Lauren Fleshman is a professional runner, an entrepreneur, a wife, and a mom. She's won state championships, NCAA titles, USA Championships and finished as high as 7th in the World (so far). This link to her family's business page is a beautiful reminder that we have the ability to chose to be successful - in athletics, in business, and in life.
I hope you enjoy it.
The Massachusetts legislature has renewed its effort to limit the effect of noncompete agreements on employees. As readers of this page know, state leaders across the country have noticed that California's ban on such restrictive covenants has been a boon to the tech sector and other creative entrepreneurs.
A noncompete agreement is a contract (or clause within a contract) under which one party, usually an employee, agrees not to engage in activities which are similar to the activities of the other party, usually an employer. The purpose of a noncompete agreement is to allow a party to protect its legitimate business against possible unfair competition from the other party. Noncompete agreements allow an employer to provide its employee with valuable resources, including increased salary and access to proprietary information, in order to maximize the employee's value to the employer.
Although disfavored in New York, noncompete agreements remain enforceable. If you are asked to accept a noncompete agreement as a condition of your employment, take a moment to consider a few factors before you sign:
- Are you bringing assets (contact lists, customers, intellectual property, etc.) you developed at a prior job with you to your new employer?
- Is your new employer willing to pay you additional compensation for bringing those assets with you?
- Will you be permitted to utilize the assets you brought to your new employer after your employment ends?
- Does the noncompete agreement provide for additional compensation to refrain from competing after your employment ends (sometimes referred to as "garden-leave" provisions)?
- Will your new employer hire you if you refuse to sign? Is there room to negotiate?
This list of considerations is not exclusive. Anyone asked to enter into a noncompete agreement as a condition of employment should consult with experienced employment counsel before signing. No two employment situations are identical. The enforceability of noncompete agreements is highly fact-dependent in New York. One truth is universal - no one should sign a noncompete agreement in New York without first considering its impact on one's post-employment ability to earn a living.
Effective employers balance employee morale and work efficiency. If you are reading this post, you are probably one of those employers. You want to keep your talent happy. You want to be flexible. You are willing to provide frequent and timely input and feedback. You want to give your employees the resources they need to succeed without tethering them to the office.
In an effort to find and maintain the elusive work-life balance for their employees, many employers increasingly rely on “bring your own device” (“BYOD”) to work policies. BYOD workplaces allow employees to utilize their personal devices to conduct their employer’s business. These devices typically include smart phones, laptop computers, external hard drives, and other hardware capable of transmitting and storing electronic information.
Allowing employees to use personal devices to conduct business has several advantages. In addition to realizing the cost savings in not buying additional equipment for employees, employers can stay in touch with their employees in remote locations. Employees with children can perform essential tasks at home. Commuters can work while in transit.
Before you allow your employees to use their personal devices for work, however, you should recognize that BYOD practices are not without problems. To reduce risk, employers who allow employees to use their own devices must have clearly written BYOD policies. Your BYOD policy should be narrowly tailored to the specific circumstances of your business, yet broad enough to protect your confidential and proprietary information – all without unnecessarily infringing on your employees’ legitimate expectations of privacy.
To strike this balance, an employer’s BYOD policy should clarify that:
· communication sent over the employer’s server is subject to monitoring by the employer;
· personal devices will be configured by the employer to work with the employer’s information systems;
· no employer information may be stored on any device or platform (hardware or cloud-based) without prior approval by the employer;
· personal devices will be password-protected;
· passwords will be changed periodically;
· the employer has the right to over-ride employees’ password with “administrator” passwords;
· personal devices will have “lock” features triggered by inactivity;
· employees consent to complete wiping of data in the event of a lost device;
· non-work related communication using the employer’s information systems is prohibited and may result in disciplinary action;
· employees must return all employer information in any format, including any information stored on any personal devices, to the employer upon separation;
· employees are prohibited from using their devices to violate the employer’s policies, including any anti-harassment policies, and are otherwise prohibited from participating in any unlawful activity using the employer’s resources;
· in keeping with the Fair Labor Standards Act (“FLSA”) and any related wage/hour laws, non-exempt employees are required to record and report any out-of-office and work-related activity conducted remotely in excess of forty (40) hours per week.
In addition, a BYOD policy should specify that any employee who uses his or her personal device in violation of the BYOD policy recognizes that such a violation:
· constitutes potentially irreparable harm to the employer;
· may not be remedied by a monetary award of dollar damages;
· will result in the employee consenting to the imposition of injunctive relief, including, without limitation, a court of competent jurisdiction issuing a temporary retraining order and/or preliminary injunction enjoining and retraining the employee from taking any further action against the interests of the employer;
· will result in a forfeiture of the device used and a review of the device by the employer, the employer’s legal counsel, or a court of competent jurisdiction to examine to extent of the breach of the BYOD policy.
As with most policies, it is wise to have an attorney with relevant legal experience in the BYOD space draft a policy narrowly tailored to needs of your business. If you allow your employees to conduct your business using their personal devices, contact an attorney and implement a written BYOD policy as soon as possible.
New York State’s Paid Family Leave Benefits Law (“PFLBL”) takes effect January 1, 2018. Although some companies have been preparing for this employment law development for some time, every employer with at least one employee should review the PFLBL's basics.
Job-protected, paid family leave (“PFL”) benefits will increase in four phases. Employees will be entitled to a number of paid weeks off at increasing percentages of the lesser of their average weekly pay or New York State’s average weekly wage as follows:
· January 1, 2018: Eight weeks; lesser of 50% or 50%;
· January 1, 2019: 10 weeks; lesser of 55% or 55%;
· January 1, 2020: 12 weeks; lesser of 60% or 60%;
· January 1, 2021: 12 weeks; lesser of 67% or 67%.
The PFLBL supplements, and does not replace, the the Family Medical Leave Act (“FMLA”). Employees at companies with 50 employees or more who have worked for a year or more may take more than 12 weeks. An employer need not pay that employee for such additional time under the PFLBL. Employees remain free to use paid time off, if it is available, rather than PFLBL leave, if they so choose.
If a full-time employee has worked for at least 26 consecutive weeks, or if a part-time employee has worked for at least 175 days, that employee may take PFLBL leave related to:
· care for family members with serious health conditions;
· bonding with a new-born child during the baby’s first year;
· adoption or foster care placement; and
· certain exigencies related to a family member’s military service.
The PFLBL does not provide for paid time off for an employee’s own medical condition. New York’s short-term disability scheme covers those situations.
Employers may begin collecting weekly employee contributions beginning July 1, 2017. Employees may not opt out. Employers should consult with their disability insurance carriers, review paid time off policies with their employees, post all necessary legal notices, and, as always, consult with legal counsel experienced in this area to prepare themselves for these changes.
Noncompete agreements poison our economy.
That is the view of Harvard Law grad and Op-Ed Contributor Orly Lobel in a thoughtful piece published recently in the New York Times.
Analyzing data compiled by the Treasury Department, Ms. Lowry notes that noncompetes were "once reserved for a corporation's most treasured rainmakers," but are now "routinely applied to low wage workers" like warehouse employees, fast-food workers, and even dog-sitters. She claims that noncompetes stifle performance, and reduce employee motivation and entrepreneurship.
Her solution? Ms. Lobel argues that, at a minimum, every state should ban noncompetes purporting to restrict:
- low-wage workers;
- workers "in occupations that promote public safety and health"; and
- workers who were terminated without cause.
In New York State, noncompetes are enforceable against employees only to the extent they:
- are no greater than necessary to protect and employer's legitimate business interest;
- do not impose undue hardship on the employee;
- do not cause injury to the public; and
- are reasonable in both geographic scope and duration.
Regardless of whether noncompete agreements poison our economy, they appear to be here to stay in New York State. Although New York courts strongly disfavor enforcing noncompetes, an employee is well-advised to review with counsel any such agreement before signing. Even if you feel compelled to sign one for fear of losing your offer of employment, look for advice from an attorney with experience in this area prior to signing.
“Don’t open that Google Doc ‘I’ sent you!” How many texts like this did we see this week?
Another national phishing scam, this one involving Google Docs, reminds us to be vigilante regarding our cyber data. Mass media outlets and specialty trade journals agree that this attack was particularly sneaky. Although Google claims the attack affected 0.1 percent of Gmail users, this amounts to 1 million accounts.
Cyber attacks and phishing scams are annoying to individuals. But they can cripple you business. If personally identifying information (“PII”) or other statutorily protected data in your company’s care is compromised, individual employees and companies alike can be sued, fined, and in some cases, criminally prosecuted.
Increasingly, companies store their information utilizing remote networks of servers (often referred to as “The Cloud”). This increases the risk of cyber attacks. As I previously noted in an earlier post phishing scammers seem to be moving “down the food chain” by attacking smaller companies with less sophisticated defense networks.
Now more than ever, small to mid-size businesses should consider drafting, implementing, and testing data breach incident response plans. No one can avoid a cyber attack. But a data breach incident response plan is a cost-effective measure to reduce the adverse impact a cyber attack may have on your business.
Typical elements of an effective data breach incident response plan include the following:
Before the Cyber Attack
· Establish an Incident Response Team;
· Include at least one manager or officer on the Team;
· Include a member of the company’s IT group on the Team;
· Identify legal counsel to assist your Team with its response;
· Identify a third-party IT vendor to assist with breach analysis;
· Identify an identity-theft and credit monitoring vendor to assist;
· Print and circulate written copies of the Plan to all employees.
Within the First 24 Hours of the Cyber Attack
· Notify all members of the Team;
· Record the date, time, and place of the attack – document everything;
· Secure the premises;
· Identify scope of breach;
· Determine (with counsel) whether to notify law enforcement;
· Identify (with counsel) which state laws apply.
Within the First 72 Hours of the Breach
· Different states have different notice requirements. Accordingly, some affected persons must be notified right away;
· Most states require potentially affected persons to be notified, too;
· Notify government agencies as required by each jurisdiction implicated;
· Supply government agencies with the “notices of cyber attack or data breach” already provided to those affected;
· Notify and engage identity-theft and credit monitoring vendor.
Within the First Nine Months
· Follow-up with credit monitoring vendor on status;
· Maintain toll free number to field inquiries from affected person;
· Review IT protocols to reduce risk of recurring breaches.
Although no one “template” fits all data breach notification scenarios, a typical notification letter will include:
· An opening paragraph stating plainly what happened;
· A brief statement expressing regret and demonstrating empathy;
· A brief description of your action plan, including phone numbers for affected persons to use in order to get more information;
· NOTE: Draft these letters mindful of your potential duty to provide them to government agencies and/or the authorities.
Although cyber attacks and data breaches are common, they are highly fact-dependent. No two breaches are exactly alike. It is critical to consult with legal counsel experienced in this area, ideally before, but certainly after, a cyber security or other similar data breach.